
CN104899488B - Numeric value transfer and device - Google Patents

Info

Publication number: CN104899488B
Authority: CN (China)
Prior art keywords: numerical value, value transfer, finger print, print information, message digest
Legal status: Active
Application number: CN201410849869.3A
Other languages: Chinese (zh)
Other versions: CN104899488A (en)
Inventors: 李建立, 李茂材
Current Assignee: Shenzhen Tencent Computer Systems Co Ltd
Original Assignee: Shenzhen Tencent Computer Systems Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a numerical value transfer method and device, belonging to the field of network technology. The method includes: after a numerical value transfer operation is detected on a specified page, generating a message digest that describes the numerical value transfer operation; verifying the acquired specified fingerprint information against the stored fingerprint information; after the specified fingerprint information passes verification, processing the message digest according to a digital certificate to obtain a signed data packet; and sending the signed data packet and a numerical value transfer request to a target server, which processes the numerical value transfer request according to the digital certificate and the signed data packet. Because the transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the target server intact. This avoids the risk of the numerical value transfer request being processed when data has been maliciously tampered with by others or when someone impersonates the user to initiate the request, so security is higher.

Description

Numeric value transfer and device
Technical field
The present invention relates to the field of network technology, and in particular to a numerical value transfer method and device.
Background
As fingerprint recognition technology matures, fingerprint payment is becoming feasible. Fingerprint payment, also called fingerprint consumption, uses a mature fingerprint system for consumption authentication, so that a payment can be completed through fingerprint recognition. It is a new payment mode that not only simplifies the consumption procedure and removes the encumbrance of membership cards and bank cards, but can also earn high rebates.
In the prior art, when a user makes a fingerprint payment through a payment application, once the fingerprint has been verified by the local operating system, a token containing the payment request information and the fingerprint verification result is returned directly to the payment application. The payment application then sends this token to the payment server, that is, the server that provides services for the payment application. After receiving the token, the payment server deducts the specified value from the user account according to the payment request information contained in the token.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem:
After the fingerprint passes local verification, the token is sent directly to the payment server, so there is a risk of it being maliciously tampered with by others during data transmission, and the integrity of the uploaded fingerprint verification result cannot be guaranteed. The security of this fingerprint payment method is therefore not high.
Summary of the invention
To solve the problems of the prior art, embodiments of the present invention provide a numerical value transfer method and device. The technical solution is as follows:
In a first aspect, a numerical value transfer method is provided. The method is applied to a terminal and includes:
after a numerical value transfer operation is detected on a specified page, generating a message digest for describing the numerical value transfer operation;
verifying the acquired specified fingerprint information against the stored fingerprint information;
after the specified fingerprint information passes verification, processing the message digest according to a digital certificate to obtain a signed data packet, the digital certificate including at least a private key for encrypting the message digest;
sending the signed data packet and a numerical value transfer request to a target server, so that the target server processes the numerical value transfer request according to the digital certificate and the signed data packet;
wherein the numerical value transfer request includes at least a user ID and object information.
In a second aspect, a numerical value transfer method is provided. The method is applied to a target server and includes:
receiving a signed data packet and a numerical value transfer request sent by a terminal, the signed data packet being a first message digest that has been encrypted and signed, the first message digest describing a numerical value transfer operation, and the numerical value transfer request including at least a user ID and object information;
obtaining the digital certificate corresponding to the signed data packet, the digital certificate including at least a public key for decrypting the signed data packet;
verifying, according to the digital certificate and the signed data packet, whether the numerical value transfer request has passed fingerprint verification;
after the numerical value transfer request passes fingerprint verification, processing the numerical value transfer request.
In a third aspect, a numerical value transfer device is provided. The device is applied to a terminal and includes:
a message digest generation module, configured to generate, after a numerical value transfer operation is detected on a specified page, a message digest for describing the numerical value transfer operation;
a fingerprint information verification module, configured to verify the acquired specified fingerprint information against the stored fingerprint information;
a message digest processing module, configured to process the message digest according to a digital certificate after the specified fingerprint information passes verification, to obtain a signed data packet, the digital certificate including at least a private key for encrypting the message digest;
a data sending module, configured to send the signed data packet and a numerical value transfer request to a target server, so that the target server processes the numerical value transfer request according to the digital certificate and the signed data packet;
wherein the numerical value transfer request includes at least a user ID and object information.
In a fourth aspect, a numerical value transfer device is provided. The device is applied to a target server and includes:
a data receiving module, configured to receive a signed data packet and a numerical value transfer request sent by a terminal, the signed data packet being a first message digest that has been encrypted and signed, the first message digest describing a numerical value transfer operation, and the numerical value transfer request including at least a user ID and object information;
a digital certificate acquisition module, configured to obtain the digital certificate corresponding to the signed data packet, the digital certificate including at least a public key for decrypting the signed data packet;
a fingerprint verification module, configured to verify, according to the digital certificate and the signed data packet, whether the numerical value transfer request has passed fingerprint verification;
a numerical value transfer request processing module, configured to process the numerical value transfer request after it passes fingerprint verification.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
After the terminal detects a numerical value transfer operation on the specified page, it generates a message digest describing the operation. It then verifies the acquired specified fingerprint information against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signed data packet, and sends the signed data packet and the numerical value transfer request to the target server, which processes the request according to the digital certificate and the signed data packet. Because the transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the target server intact. This avoids the risk that the target server still processes a numerical value transfer request when data has been maliciously tampered with by others or when someone impersonates the user to initiate the request, so this way of transferring numerical values is more secure.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the implementation environment involved in a numerical value transfer method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a numerical value transfer device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of a numerical value transfer device provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of a terminal provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of a server provided by an embodiment of the present invention.
Detailed description of the invention
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Before the embodiments are explained in detail, the implementation environment they involve is introduced first.
Fig. 1 is a schematic diagram of the implementation environment involved in a numerical value transfer method provided by an embodiment of the present invention. Referring to Fig. 1, the implementation environment includes a terminal and a target server. The terminal is the sender of the numerical value transfer request and may be a smartphone, a tablet computer, and so on. The target server is the recipient of the numerical value transfer request and processes it; it is a third-party payment platform between the user and the merchant. The user is associated with the target server through a target account. The numerical value transfer method of the present invention applies to fingerprint-based numerical value transfer and mainly includes an operating flow for activating fingerprint-based numerical value transfer and an operating flow for carrying out a numerical value transfer with a fingerprint. The operating flow for activating fingerprint-based numerical value transfer is performed entirely on the terminal side.
It should be noted that the terminal in the embodiments of the present invention is provided with one or more fingerprint collection sensors. In addition, to ensure the security of fingerprint information, the terminal's chip has a designated secure area such as TrustZone, used to store highly private information such as fingerprint information and digital certificates. Besides its regular operating system, the terminal is also provided with an independent secure operating system, which supports storing and verifying fingerprints, installing digital certificates, and encrypting with the private key of a digital certificate.
After the fingerprint-based numerical value transfer function has been activated, when the terminal detects a numerical value transfer operation on the specified page, it generates a message digest describing the operation; verifies the acquired specified fingerprint information against the stored fingerprint information; after the specified fingerprint information passes verification, processes the message digest according to the digital certificate to obtain a signed data packet, where one digital certificate corresponds uniquely to one user and includes at least a private key for encrypting the message digest; and sends the signed data packet and the numerical value transfer request to the target server, which processes the request according to the digital certificate and the signed data packet. The numerical value transfer request includes at least a user ID and object information.
The target server is configured to verify, according to the digital certificate and the signed data packet, that the numerical value transfer request has passed fingerprint verification, and then to process the request according to the object information. For example, after receiving a user-initiated numerical value transfer request, the target server deducts from the user's account the specified amount matching the object and then transfers that amount, either directly or after a certain interval, into the merchant's account, thereby completing the numerical value transfer.
Fig. 2 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention. Taking the terminal's perspective as an example, and referring to Fig. 2, the method flow provided by the embodiment includes:
201. After a numerical value transfer operation is detected on the specified page, generate a message digest for describing the numerical value transfer operation.
The message digest may include the user ID, object name, object quantity, total value, numerical value transfer mode, order number, and so on; the embodiment of the present invention does not specifically limit this.
202. Verify the acquired specified fingerprint information against the stored fingerprint information.
The stored fingerprint information is kept in a designated secure area of the terminal chip, such as TrustZone.
203. After the specified fingerprint information passes verification, process the message digest according to the digital certificate to obtain a signed data packet.
The digital certificate may be generated by the target server or by a third-party certification center recognized by the target server; the embodiment of the present invention does not specifically limit this. In addition, the digital certificate includes at least information such as the private key for encrypting the message digest, the public key for decrypting the message digest, and the user ID.
204. Send the signed data packet and the numerical value transfer request to the target server, which processes the numerical value transfer request according to the digital certificate and the signed data packet.
The numerical value transfer request includes at least a user ID and object information.
In the method provided by the embodiment of the present invention, after the terminal detects a numerical value transfer operation on the specified page, it generates a message digest describing the operation. It then verifies the acquired specified fingerprint information against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signed data packet, and sends the signed data packet and the numerical value transfer request to the target server, which processes the request according to the digital certificate and the signed data packet. Because the transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the target server intact. This avoids the risk that the target server still processes a numerical value transfer request when data has been maliciously tampered with by others or when someone impersonates the user to initiate the request, so this way of transferring numerical values is more secure.
Optionally, before the acquired specified fingerprint information is verified against the stored fingerprint information, the method further includes:
obtaining fingerprint information through the fingerprint collection sensor;
storing the fingerprint information in the designated secure area.
Verifying the acquired specified fingerprint information against the stored fingerprint information includes:
comparing, through the specific secure operating system, the specified fingerprint information with the stored fingerprint information;
when the specified fingerprint information matches the stored fingerprint information, the specified fingerprint information passes verification.
Optionally, processing the message digest according to the digital certificate to obtain a signed data packet includes:
obtaining the digital certificate stored in the designated secure area;
encrypting the message digest through the specific secure operating system, according to the private key in the digital certificate, to obtain an encrypted data packet;
signing the encrypted data packet through the specific secure operating system to obtain the signed data packet.
Optionally, before the message digest describing the numerical value transfer operation is generated, the method further includes:
when a fingerprint activation trigger operation is detected, obtaining the user ID of the user;
uploading the user ID to the target server, so that the target server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
Optionally, after the digital certificate is returned to the terminal, the method further includes:
displaying a fingerprint verification interface through the specific secure operating system;
obtaining the user's specified fingerprint information on the fingerprint verification interface;
comparing the specified fingerprint information with the stored fingerprint information;
when the specified fingerprint information matches the stored fingerprint information, installing the digital certificate through the specific secure operating system.
Optionally, generating the message digest for describing the numerical value transfer operation includes:
obtaining multiple items of description information describing the numerical value transfer operation;
selecting at least one item of key description information from the multiple items of description information;
obtaining key fields from the at least one item of key description information, and using the key fields as the message digest describing the numerical value transfer operation.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present invention, which are not described one by one here.
Fig. 3 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention. Taking the target server's perspective as an example, and referring to Fig. 3, the method flow provided by the embodiment includes:
301. Receive the signed data packet and the numerical value transfer request sent by the terminal.
The signed data packet is a first message digest that has been encrypted and signed; the first message digest describes the numerical value transfer operation, and the numerical value transfer request includes at least a user ID and object information.
302. Obtain the digital certificate corresponding to the signed data packet; the digital certificate includes at least a public key for decrypting the signed data packet.
One digital certificate corresponds uniquely to one user. The terminal encrypts the first message digest with the private key in the user's digital certificate and then signs the encrypted first message digest, which yields the signed data packet.
303. According to the digital certificate and the signed data packet, verify whether the numerical value transfer request has passed fingerprint verification. When the numerical value transfer request passes fingerprint verification, perform the following step 303.
304. After the numerical value transfer request passes fingerprint verification, process the numerical value transfer request.
In the method provided by the embodiment of the present invention, after the terminal detects a numerical value transfer operation on the specified page, it generates a message digest describing the operation. It then verifies the acquired specified fingerprint information against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signed data packet, and sends the signed data packet and the numerical value transfer request to the target server, which processes the request according to the digital certificate and the signed data packet. Because the transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the target server intact. This avoids the risk that the target server still processes a numerical value transfer request when data has been maliciously tampered with by others or when someone impersonates the user to initiate the request, so this way of transferring numerical values is more secure.
Optionally, verifying, according to the digital certificate and the signed data packet, whether the numerical value transfer request has passed fingerprint verification includes:
decrypting the signed data packet according to the public key in the digital certificate to obtain the first message digest;
generating a second message digest according to the numerical value transfer request;
comparing the first message digest with the second message digest;
if the first message digest matches the second message digest, the numerical value transfer request passes fingerprint verification.
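The terminal-side signing gate and the server-side comparison of first and second message digests described above, as an added example that is not code from the patent. It substitutes an Ed25519 signature for the patent's "encrypt with the private key, then sign" step; the struct fields, function names, sample values and the length-prefixed digest encoding are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// TransferRequest holds the key fields the page lists for the request and the
// digest. Field names and types are assumptions for this example.
type TransferRequest struct {
	UserID     string
	ObjectName string
	Quantity   uint32
	TotalCents uint64
	OrderNo    string
}

// SignedPacket stands in for the "signed data packet": the first message
// digest plus a signature made with the certificate's private key.
type SignedPacket struct {
	Digest    []byte
	Signature []byte
}

// ErrFingerprint is returned when the local fingerprint check did not pass.
var ErrFingerprint = errors.New("fingerprint not verified: private key not used")

// NewKeyPair stands in for certificate issuance: the private key stays in the
// terminal's secure area, the public key is known to the target server.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Digest hashes the key fields. Strings are length-prefixed so that moving a
// character from one field to the next always changes the digest.
func Digest(r TransferRequest) []byte {
	h := sha256.New()
	writeStr := func(s string) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		h.Write(n[:])
		h.Write([]byte(s))
	}
	writeStr(r.UserID)
	writeStr(r.ObjectName)
	var num [12]byte
	binary.BigEndian.PutUint32(num[:4], r.Quantity)
	binary.BigEndian.PutUint64(num[4:], r.TotalCents)
	h.Write(num[:])
	writeStr(r.OrderNo)
	return h.Sum(nil)
}

// TerminalSign models steps 201 to 203: the digest is signed only after the
// secure OS reports that the fingerprint matched (fingerprintOK).
func TerminalSign(fingerprintOK bool, priv ed25519.PrivateKey, r TransferRequest) (SignedPacket, error) {
	if !fingerprintOK {
		return SignedPacket{}, ErrFingerprint
	}
	d := Digest(r)
	return SignedPacket{Digest: d, Signature: ed25519.Sign(priv, d)}, nil
}

// ServerVerify models step 303: authenticate the first digest with the
// certificate's public key, recompute a second digest from the request that
// actually arrived, and accept only if the two digests match.
func ServerVerify(pub ed25519.PublicKey, r TransferRequest, p SignedPacket) bool {
	if !ed25519.Verify(pub, p.Digest, p.Signature) {
		return false // packet was not produced with this user's private key
	}
	second := Digest(r)
	return subtle.ConstantTimeCompare(p.Digest, second) == 1
}

func main() {
	pub, priv := NewKeyPair()
	// Constructed sample request.
	req := TransferRequest{UserID: "user-1001", ObjectName: "book", Quantity: 2, TotalCents: 5980, OrderNo: "ORD-0001"}

	pkt, err := TerminalSign(true, priv, req)
	if err != nil {
		panic(err)
	}
	fmt.Println("untampered request accepted:", ServerVerify(pub, req, pkt))

	// The request is altered in transit while the signed packet is unchanged.
	altered := req
	altered.TotalCents = 1
	fmt.Println("altered request accepted:", ServerVerify(pub, altered, pkt))

	_, err = TerminalSign(false, priv, req)
	fmt.Println("signing without fingerprint:", err)
}
```
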
Optionally, processing the numerical value transfer request includes:
obtaining the numerical value transfer PIN entered by the user;
judging whether the entered numerical value transfer PIN matches the stored or issued numerical value transfer PIN;
when the entered numerical value transfer PIN matches the stored or issued numerical value transfer PIN, deducting the corresponding value from the account corresponding to the user ID according to the object information.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present invention, which are not described one by one here.
Fig. 4 is a flow chart of a numerical value transfer method provided by an embodiment of the present invention. The interacting parties are the terminal and the target server. Taking the case where the digital certificate is issued by the target server as an example, and referring to Fig. 4, the method flow provided by the embodiment includes:
401. The terminal obtains, through the fingerprint collection sensor, the fingerprint information that the user has set for unlocking the terminal, and stores this fingerprint information in the designated secure area.
In the embodiment of the present invention, the fingerprint collection sensor may be an application installed on the terminal that has a fingerprint collection function; the embodiment does not specifically limit the form of the fingerprint collection sensor.
To allow subsequent fingerprint verification, the user's fingerprint information must be enrolled in advance through the fingerprint collection sensor. For example, after detecting that the user has triggered the fingerprint collection function, the terminal can prompt the user to place a finger on the designated fingerprint collection area of the terminal's display interface, and thereby collects the fingerprint information. This fingerprint information can be used to unlock the terminal device: only after the holder of the terminal unlocks it by fingerprint can the terminal be operated, and only then is it possible to perform a numerical value transfer operation using fingerprint information.
In addition, because fingerprint information is highly confidential, it is not uploaded to any server and is generally kept only on the terminal device. When it is kept on the terminal device, for security reasons the fingerprint information can also be stored in a designated secure area such as TrustZone.
402. When the terminal detects a fingerprint activation trigger operation, it obtains the user ID of the user and uploads the user ID to the target server.
In the embodiment of the present invention, when the user logs in to the numerical value transfer client and clicks the "activate fingerprint payment" button on the page, it is determined that a fingerprint activation trigger operation has been detected, which triggers the digital certificate acquisition flow.
The user ID may include the user's name, contact number, address, frequently used mailbox, and so on; the embodiment of the present invention does not specifically limit this. To ensure the security of data transmission, before the user ID is uploaded to the target server it can first be encrypted, and the encrypted file is then uploaded to the target server. The user ID can be encrypted with AES (Advanced Encryption Standard), DES (Data Encryption Standard) or a similar cipher; the embodiment of the present invention does not specifically limit this.
It should be noted that if the digital certificate is issued by a third-party certification center recognized by the target server, then after the terminal completes installation of the digital certificate in the designated secure area, the public key in the digital certificate must also be uploaded to the target server, to facilitate activation of fingerprint payment and the target server's decryption of the signed data packet in the subsequent process.
403. The target server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
In the embodiment of the present invention, the target server can allocate a digital certificate to the user as follows: according to the user ID, a digital certificate is issued to the user through a CA (Certificate Authority) authentication service. The digital certificate includes at least the user ID, the private key for encrypting the first message digest, and the public key for decrypting the signed data packet. The embodiment of the present invention does not specifically limit the content of the digital certificate.
It should be noted that, besides being issued by the target server, the digital certificate can also be issued by a dedicated certificate issuing organization. That is, the terminal uploads the user ID to a designated server of the certificate issuing organization, and this designated server then issues the digital certificate to the user. Finally, the designated server sends the digital certificate to the terminal and to the target server respectively. The embodiment of the present invention does not specifically limit how the digital certificate is allocated, and uses issuance by the target server only as an example.
404. After receiving the digital certificate, the terminal displays a fingerprint verification interface through the specific secure operating system and obtains the user's specified fingerprint information on the fingerprint verification interface.
In the embodiment of the present invention, to ensure the security of fingerprint information, the terminal has an additional specific secure operating system installed, dedicated to handling fingerprint-based numerical value transfer operations. The fingerprint verification interface can be invoked only through the specific secure operating system. The interface has a fingerprint collection area; following the fingerprint collection prompt displayed on the interface, the user places a finger in this area, and the terminal then obtains the user's specified fingerprint information. The prompt may be wording such as "please place your finger on the fingerprint collection area shown"; the embodiment of the present invention does not specifically limit this.
In addition, when storing the digital certificate, for security reasons the terminal also stores it in a designated secure area such as TrustZone.
405. The terminal compares the specified fingerprint information with the stored fingerprint information; when the specified fingerprint information matches the stored fingerprint information, the digital certificate is installed through the specific secure operating system.
In the embodiment of the present invention, before comparing the specified fingerprint information with the stored fingerprint information, the terminal first obtains the stored fingerprint information from the designated secure area of the terminal chip. It then compares the specified fingerprint information currently collected by the fingerprint collection sensor with the stored fingerprint information. If the two match, the specified fingerprint information passes verification, and the digital certificate is installed through the specific secure operating system.
The digital certificate can be installed in the same way as existing digital certificates; the embodiment of the present invention does not specifically limit this. Once the digital certificate is installed successfully, activation of fingerprint-based numerical value transfer is complete, and numerical value transfers can then be carried out based on the user's fingerprint information. After successful activation, the numerical value transfer client can display a message indicating that activation succeeded.
It should be noted that steps 401 to 405 above correspond to the operating flow for activating fingerprint-based numerical value transfer. Steps 406 to 412 below correspond to the operating flow for carrying out a numerical value transfer according to fingerprint information. When the numerical value transfer method provided by the embodiment of the present invention is performed, steps 401 to 405 need not be executed every time; they are executed only once, the first time fingerprint information is used for a numerical value transfer. That is, once activation has been performed, subsequent numerical value transfers can be carried out repeatedly. When the digital certificate is later updated, only the digital certificate needs to be updated.
406. After detecting a numerical value transfer operation on a specified page, the terminal generates a first message digest describing the numerical value transfer operation.
The specified page is a page provided by the numerical value transfer client. The numerical value transfer client provides a numerical value transfer interface so that the user can pay through the client when taking a taxi, shopping, and so on. In addition, to improve the user experience, the numerical value transfer client generally also stays connected to merchants' servers through other interfaces, so that merchants can display their goods on the client's pages and users can shop through the client.
When the user selects an object on the terminal, the terminal sends the object identifier to the destination server. After receiving it, the destination server forwards the object identifier to the merchant server, which generates object information from the object identifier. The merchant server then sends the object information to the terminal via the destination server, so that the user obtains the object information. The object information may include not only the total numerical value corresponding to the object but also the object's name, description information, and so on. One piece of object information uniquely identifies one object or one group made up of several objects.
After the terminal's numerical value transfer client obtains the object information, when it detects that the user has clicked a button such as "Confirm payment" on the specified page, it determines that a numerical value transfer operation on the specified page has been detected, and the page jumps to a payment method selection page. The payment methods may include fingerprint payment, password payment, and so on, which the embodiment of the present invention does not specifically limit. After the user selects fingerprint payment, the first message digest describing the numerical value transfer operation is generated.
The first message digest describing the numerical value transfer operation may be generated as follows:
Obtain multiple items of description information describing the numerical value transfer operation; select at least one item of key description information from the multiple items; obtain key fields from the at least one item of key description information, and use the key fields as the first message digest describing the numerical value transfer operation.
The multiple items of description information may include the user ID, order number, object name, object quantity, object picture, total numerical value, numerical value transfer type, order time, and so on, which the embodiment of the present invention does not specifically limit. Among the many items describing the numerical value transfer operation, the user ID, order number, object name, object quantity, total numerical value and the like are indispensable for the subsequent processing of the numerical value transfer request, so they can be used as the key description information. When obtaining key fields from the at least one item of key description information, the header information corresponding to each item of key description information may be used as the first message digest.
Of course, the first message digest may also be generated in other ways, which the embodiment of the present invention does not specifically limit.
It should be noted that after the numerical value transfer client generates the first message digest describing the numerical value transfer operation, for security reasons the first message digest is stored, through the specific secure operating system, in the specified secure area of the terminal chip.
407. The terminal obtains, through the fingerprint collection sensor, the specified fingerprint information currently input by the user, and verifies it against the stored fingerprint information.
In the embodiment of the present invention, to determine whether the current numerical value transfer operation was initiated by the user, the method also includes a step of verifying the user's identity.
After the first message digest has been stored in the specified secure area in step 406, the specific secure operating system invokes the fingerprint verification interface and prompts the user to input a fingerprint. When the user places a finger on the fingerprint collection area of the fingerprint verification interface, the fingerprint collection sensor of the terminal collects the user's specified fingerprint information. The specific secure operating system then obtains the stored fingerprint information from the specified secure area and verifies the specified fingerprint information currently input by the user against it. If the specified fingerprint information input by the user matches the stored fingerprint information exactly, the current numerical value transfer operation is determined to have been initiated by the user.
408. After the specified fingerprint information passes verification, the first message digest is processed according to the digital certificate to obtain a signature data packet.
In the embodiment of the present invention, the first message digest may be processed according to the digital certificate to obtain the signature data packet as follows:
Obtain the digital certificate stored in the specified secure area; encrypt the first message digest through the specific secure operating system using the private key in the digital certificate, to obtain an encrypted data packet; sign the encrypted data packet through the specific secure operating system, to obtain the signature data packet.
The first message digest may be signed using existing signature techniques, which the embodiment of the present invention does not specifically limit. A digital signature is a numeric string that uniquely identifies the sender of the first message digest. After the first message digest has been encrypted and signed, the fingerprint verification interface is closed.
409. The terminal sends the signature data packet and the numerical value transfer request to the destination server.
In the embodiment of the present invention, the numerical value transfer request includes the user ID, order number, object name, object quantity, object picture, total numerical value, numerical value transfer type, order time, and so on, which the embodiment of the present invention does not specifically limit. The user ID identifies the user, that is, the destination server can tell from the user ID which user initiated the numerical value transfer request. The user ID may be the login name with which the user logs in to the numerical value transfer client, such as the user's terminal number or nickname; it may also be the user's avatar picture. The embodiment of the present invention does not specifically limit the form of the user ID.
Suppose the user buys a doll bear through the purchase page provided by the numerical value transfer client. The client sends the doll bear's identifier and the link information of the purchase page to the destination server; the destination server forwards the identifier and the link information to the merchant server, and the merchant server generates the object information. The total numerical value contained in this object information is a monetary value. The object information is returned to the numerical value transfer client so that the user learns the object information and can initiate the numerical value transfer flow. Besides the numerical value transfer function, the numerical value transfer client may also include functions such as chat, a personal showcase platform, taxi hailing, money transfer, games and shopping, which the embodiment of the present invention does not specifically limit.
Before sending the signature data packet and the numerical value transfer request to the destination server, the terminal may also encrypt this data to secure its transmission. The encryption method may be AES (Advanced Encryption Standard), DES (Data Encryption Standard), and so on, which the embodiment of the present invention does not specifically limit.
410. After receiving the signature data packet and the numerical value transfer request sent by the terminal, the destination server obtains the digital certificate, which includes at least the public key used to decrypt the signature data packet.
In the embodiment of the present invention, after receiving the signature data packet and the numerical value transfer request sent by the terminal, the destination server does not process the numerical value transfer request immediately but first verifies it, in order to rule out the following two situations. In the first, someone else initiates the numerical value transfer request in the user's name. In the second, the data is maliciously tampered with during transmission. The first step of the verification is to obtain the digital certificate corresponding to the user. The digital certificate may be obtained from the secure area of the destination server, which the embodiment of the present invention does not specifically limit.
411. The destination server verifies, according to the digital certificate and the signature data packet, whether the numerical value transfer request has passed fingerprint verification; when it has, step 412 below is performed.
In the embodiment of the present invention, the destination server may verify, according to the digital certificate and the signature data packet, whether the numerical value transfer request has passed fingerprint verification as follows:
Decrypt the signature data packet using the public key in the digital certificate, to obtain the first message digest; generate a second message digest from the numerical value transfer request; compare the first message digest with the second message digest; if the first message digest matches the second message digest, the numerical value transfer request has passed fingerprint verification.
The second message digest must be generated from the numerical value transfer request in the same way as shown in step 406. If the first message digest and the second message digest match exactly, this proves that the numerical value transfer request passed the user's fingerprint verification on the terminal and was not maliciously tampered with during transmission, so the numerical value transfer request can be processed accordingly.
412. After the numerical value transfer request passes fingerprint verification, the numerical value transfer request is processed.
In the embodiment of the present invention, after the numerical value transfer request passes the fingerprint verification shown in step 411, the destination server can process the numerical value transfer request. The processing is as follows:
Obtain the numerical value transfer password input by the user; determine whether the input numerical value transfer password matches the stored or issued numerical value transfer password; when the input numerical value transfer password matches the stored or issued numerical value transfer password, deduct the corresponding numerical value from the account corresponding to the user ID according to the object information.
In the above processing flow, before the numerical value is deducted from the user's account, an additional step of checking a payment password or an SMS verification code is included to further secure the payment. The payment password is configured in advance by the user, and the SMS verification code is a string of characters that the destination server issues to the terminal at random. Of course, the numerical value transfer request may also be processed without the additional check of a payment password or SMS verification code, which the embodiment of the present invention does not specifically limit.
In addition, after deducting the corresponding numerical value from the user's account, the destination server may also send the terminal a prompt message that the numerical value transfer succeeded, to inform the user that the current numerical value transfer request has been processed.
In the method provided by the embodiment of the present invention, after detecting a numerical value transfer operation on a specified page, the terminal generates a message digest describing the numerical value transfer operation. It then verifies the specified fingerprint information it has obtained against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signature data packet and sends the signature data packet and the numerical value transfer request to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. Because the numerical value transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the destination server intact. This avoids the risk that the destination server still processes the numerical value transfer request when the data has been maliciously tampered with by others or when others impersonate the user to initiate the request, so this manner of numerical value transfer is more secure. In addition, the digital certificate and the fingerprint information are stored in the specified secure area of the terminal, and the terminal installs the digital certificate and verifies the fingerprint information through the specific secure operating system, which further secures the processing flow.
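The sign-and-verify exchange of steps 406 to 411 can be sketched as follows. This is an added example, not code from the patent: the field names, the use of SHA-256 over a canonical JSON encoding as the message digest, and textbook RSA with constructed demonstration keys standing in for the certificate's key pair are all assumptions made so that the block runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demonstration keys built from Mersenne primes (assumption, not from the
# patent). Primes of this form are guessable: a real private key is generated randomly
# and stays inside the terminal's secure area.
def _keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

USER_PUBLIC, USER_PRIVATE = _keypair(2**521 - 1, 2**607 - 1)
_, OTHER_PRIVATE = _keypair(2**127 - 1, 2**521 - 1)   # some other party's key

# Key description information named in step 406 (field names are hypothetical).
KEY_FIELDS = ("user_id", "order_number", "object_name", "object_quantity", "total_value")

# Constructed sample request.
SAMPLE_REQUEST = {
    "user_id": "user-1001", "order_number": "ORD-0001", "object_name": "doll bear",
    "object_quantity": 1, "total_value": "59.00",
    "object_picture": "bear.png", "transfer_type": "fingerprint",
    "order_time": "2014-12-30T10:00:00",
}

def message_digest(request):
    """Digest over the key fields only; terminal and server must build it identically."""
    missing = [f for f in KEY_FIELDS if f not in request]
    if missing:
        raise ValueError("missing key fields: %s" % ", ".join(missing))
    canonical = json.dumps({f: request[f] for f in KEY_FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()

def terminal_sign(request, fingerprint_matched, private_key=USER_PRIVATE):
    """Steps 407-408: the private key is used only after the fingerprint matched."""
    if not fingerprint_matched:
        raise PermissionError("fingerprint not verified; private key not used")
    n, d = private_key
    first_digest = int.from_bytes(message_digest(request), "big")
    return pow(first_digest, d, n)           # the signature data packet

def server_verify(request, signature, public_key=USER_PUBLIC):
    """Steps 410-411: recover the first digest, rebuild the second, compare."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    try:
        first_digest = pow(signature, e, n).to_bytes(32, "big")
        second_digest = message_digest(request)
    except (OverflowError, ValueError):      # wrong key, or request lacks a key field
        return False
    return hmac.compare_digest(first_digest, second_digest)

def demo():
    sig = terminal_sign(SAMPLE_REQUEST, fingerprint_matched=True)
    tampered = dict(SAMPLE_REQUEST, total_value="9999.00")
    forged = terminal_sign(SAMPLE_REQUEST, True, private_key=OTHER_PRIVATE)
    unprotected = dict(SAMPLE_REQUEST, object_picture="other.png")
    return {
        "genuine": server_verify(SAMPLE_REQUEST, sig),
        "tampered_amount": server_verify(tampered, sig),
        "impersonation": server_verify(SAMPLE_REQUEST, forged),
        "non_key_field_changed": server_verify(unprotected, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The last case shows a consequence of digesting only the key description information: a field outside that set can change in transit without the comparison in step 411 noticing, so every field the server acts on belongs in the key set.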
Fig. 5 is a schematic structural diagram of a numerical value transfer device provided by an embodiment of the present invention, applied to a terminal. Referring to Fig. 5, the device includes: a message digest generation module 501, a fingerprint information verification module 502, a message digest processing module 503 and a data sending module 504.
The message digest generation module 501 is configured to generate, after a numerical value transfer operation on a specified page is detected, a message digest describing the numerical value transfer operation. The fingerprint information verification module 502 is connected to the message digest generation module 501 and is configured to verify the obtained specified fingerprint information against the stored fingerprint information. The message digest processing module 503 is connected to the fingerprint information verification module 502 and is configured to process the message digest according to the digital certificate after the specified fingerprint information passes verification, to obtain a signature data packet; the digital certificate includes at least the private key used to encrypt the message digest. The data sending module 504 is connected to the message digest processing module 503 and is configured to send the signature data packet and the numerical value transfer request to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. The numerical value transfer request includes at least the user ID and the object information.
Optionally, the device further includes:
A fingerprint information acquisition module, configured to obtain fingerprint information through the fingerprint collection sensor;
A fingerprint information storage module, configured to store the fingerprint information in the specified secure area;
A fingerprint information verification module, configured to compare, through the specific secure operating system, the specified fingerprint information with the stored fingerprint information; when the specified fingerprint information matches the stored fingerprint information, the specified fingerprint information passes verification.
Optionally, the message digest processing module is configured to obtain the digital certificate stored in the specified secure area; encrypt the message digest through the specific secure operating system using the private key in the digital certificate, to obtain an encrypted data packet; and sign the encrypted data packet through the specific secure operating system, to obtain the signature data packet.
Optionally, the device further includes:
A user ID acquisition module, configured to obtain the user ID of the user when a fingerprint activation trigger operation is detected;
A user ID upload module, configured to upload the user ID to the destination server, so that the destination server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
Optionally, the device further includes:
A fingerprint verification interface display module, configured to display the fingerprint verification interface through the specific secure operating system;
A specified information acquisition module, configured to obtain the user's specified fingerprint information on the fingerprint verification interface;
A fingerprint information verification module, configured to compare the specified fingerprint information with the stored fingerprint information;
A digital certificate installation module, configured to install the digital certificate through the specific secure operating system when the specified fingerprint information matches the stored fingerprint information.
Optionally, the message digest generation module is configured to obtain multiple items of description information describing the numerical value transfer operation; select at least one item of key description information from the multiple items; and obtain key fields from the at least one item of key description information, using the key fields as the message digest describing the numerical value transfer operation.
In the device provided by the embodiment of the present invention, after detecting a numerical value transfer operation on a specified page, the terminal generates a message digest describing the numerical value transfer operation. It then verifies the specified fingerprint information it has obtained against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signature data packet and sends the signature data packet and the numerical value transfer request to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. Because the numerical value transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the destination server intact. This avoids the risk that the destination server still processes the numerical value transfer request when the data has been maliciously tampered with by others or when others impersonate the user to initiate the request, so this manner of numerical value transfer is more secure.
Fig. 6 is a schematic structural diagram of a numerical value transfer device provided by an embodiment of the present invention, applied to a destination server. Referring to Fig. 6, the device includes: a data receiving module 601, a digital certificate acquisition module 602, a fingerprint verification module 603 and a numerical value transfer request processing module 604.
The data receiving module 601 is configured to receive the signature data packet and the numerical value transfer request sent by the terminal. The signature data packet is the encrypted and signed first message digest, the first message digest describes the numerical value transfer operation, and the numerical value transfer request includes at least the user ID and the object information. The digital certificate acquisition module 602 is connected to the data receiving module 601 and is configured to obtain the digital certificate corresponding to the signature data packet; the digital certificate includes at least the public key used to decrypt the signature data packet. The fingerprint verification module 603 is connected to the digital certificate acquisition module 602 and is configured to verify, according to the digital certificate and the signature data packet, whether the numerical value transfer request has passed fingerprint verification. The numerical value transfer request processing module 604 is connected to the fingerprint verification module 603 and is configured to process the numerical value transfer request after it passes fingerprint verification.
Optionally, the fingerprint verification module is configured to decrypt the signature data packet using the public key in the digital certificate, to obtain the first message digest; generate a second message digest from the numerical value transfer request; and compare the first message digest with the second message digest. If the first message digest matches the second message digest, the numerical value transfer request has passed fingerprint verification.
Optionally, the numerical value transfer request processing module is configured to obtain the numerical value transfer password input by the user; determine whether the input numerical value transfer password matches the stored or issued numerical value transfer password; and, when the input numerical value transfer password matches the stored or issued numerical value transfer password, deduct the corresponding numerical value from the account corresponding to the user ID according to the object information.
In the method provided by the embodiment of the present invention, after detecting a numerical value transfer operation on a specified page, the terminal generates a message digest describing the numerical value transfer operation. It then verifies the specified fingerprint information it has obtained against the stored fingerprint information. After the specified fingerprint information passes verification, the terminal processes the message digest according to the digital certificate to obtain a signature data packet and sends the signature data packet and the numerical value transfer request to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. Because the numerical value transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the destination server intact. This avoids the risk that the destination server still processes the numerical value transfer request when the data has been maliciously tampered with by others or when others impersonate the user to initiate the request, so this manner of numerical value transfer is more secure.
It should be understood that when the numerical value transfer device provided by the above embodiments performs a numerical value transfer, the division into the functional modules described above is only an example. In practice, the functions may be assigned to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. In addition, the numerical value transfer device provided by the above embodiments and the numerical value transfer method embodiments belong to the same concept; for the specific implementation, refer to the method embodiments, which is not repeated here.
Fig. 7 is a kind of terminal that the embodiment of the present invention provides, and this terminal may be used for performing offer in above-described embodiment Numeric value transfer.Seeing Fig. 7, this terminal 700 includes:
RF (Radio Frequency, radio frequency) circuit 110, include one or more computer-readable storage mediums The memorizer 120 of matter, input block 130, display unit 140, sensor 150, voicefrequency circuit 160, WiFi (Wireless Fidelity, Wireless Fidelity) module 170, include one or more than one processor 180 processing core and power supply 190 parts such as grade.It will be understood by those skilled in the art that the terminal structure shown in Fig. 7 is not intended that the restriction to terminal, permissible Illustrate more or less of parts including ratio, or combine some parts, or different parts are arranged.Wherein:
RF circuit 110 can be used for receiving and sending messages or in communication process, the reception of signal and transmission, especially, by base station After downlink information receives, transfer to one or more than one processor 180 processes;It addition, be sent to relating to up data Base station.Generally, RF circuit 110 includes but not limited to antenna, at least one amplifier, tuner, one or more agitator, use Family identity module (SIM) card, transceiver, bonder, LNA (Low Noise Amplifier, low-noise amplifier), duplex Device etc..Additionally, RF circuit 110 can also be communicated with network and other equipment by radio communication.Radio communication can use appoints One communication standard or agreement, include but not limited to that GSM (Global System of Mobile communication, move by the whole world Dynamic communication system), GPRS (General Packet Radio Service, general packet radio service), CDMA (Code Division Multiple Access, CDMA), WCDMA (Wideband Code Division Multiple Access, WCDMA), LTE (Long Term Evolution, Long Term Evolution), Email, SMS (Short Messaging Service, Short Message Service) etc..
Memorizer 120 can be used for storing software program and module, and processor 180 is stored in memorizer 120 by operation Software program and module, thus perform various function application and data process.Memorizer 120 can mainly include storing journey Sequence district and storage data field, wherein, storage program area can store the application program (ratio needed for operating system, at least one function Such as sound-playing function, image player function etc.) etc.;Storage data field can store the number that the use according to terminal 700 is created According to (such as voice data, phone directory etc.) etc..Additionally, memorizer 120 can include high-speed random access memory, it is also possible to bag Include nonvolatile memory, for example, at least one disk memory, flush memory device or other volatile solid-state parts. Correspondingly, memorizer 120 can also include Memory Controller, to provide processor 180 and input block 130 to memorizer The access of 120.
Input block 130 can be used for receiving numeral or the character information of input, and produces and user setup and function Control relevant keyboard, mouse, action bars, optics or the input of trace ball signal.Specifically, input block 130 can include touching Sensitive surfaces 131 and other input equipments 132.Touch sensitive surface 131, also referred to as touches display screen or Trackpad, can collect use Family thereon or neighbouring touch operation (such as user uses any applicable object such as finger, stylus or adnexa at touch-sensitive table Operation on face 131 or near Touch sensitive surface 131), and drive corresponding attachment means according to formula set in advance.Optional , Touch sensitive surface 131 can include touch detecting apparatus and two parts of touch controller.Wherein, touch detecting apparatus detection is used The touch orientation at family, and detect the signal that touch operation brings, transmit a signal to touch controller;Touch controller is from touch Receive touch information on detection device, and be converted into contact coordinate, then give processor 180, and processor 180 can be received The order sent also is performed.Furthermore, it is possible to use the polytypes such as resistance-type, condenser type, infrared ray and surface acoustic wave Realize Touch sensitive surface 131.Except Touch sensitive surface 131, input block 130 can also include other input equipments 132.Specifically, Other input equipments 132 can include but not limited to physical keyboard, function key (such as volume control button, switch key etc.), One or more in trace ball, mouse, action bars etc..
Display unit 140 can be used for the information that inputted by user of display or the information being supplied to user and terminal 700 Various graphical user interface, these graphical user interface can be made up of figure, text, icon, video and its combination in any. Display unit 140 can include display floater 141, optionally, can use LCD (Liquid Crystal Display, liquid crystal Show device), the form such as OLED (Organic Light-Emitting Diode, Organic Light Emitting Diode) configure display floater 141.Further, Touch sensitive surface 131 can cover display floater 141, when Touch sensitive surface 131 detects thereon or neighbouring touching After touching operation, send processor 180 to determine the type of touch event, with preprocessor 180 according to the type of touch event Display floater 141 provides corresponding visual output.Although in the figure 7, Touch sensitive surface 131 and display floater 141 are conducts Two independent parts realize input and output function, but in some embodiments it is possible to by Touch sensitive surface 131 and display Panel 141 is integrated and realizes input and output function.
The terminal 700 may also include at least one sensor 150, such as a light sensor, a motion sensor and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 141 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 141 and/or the backlight when the terminal 700 is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that recognize the phone's attitude (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer and tapping). Other sensors that may also be configured in the terminal 700, such as a gyroscope, a barometer, a hygrometer, a thermometer and an infrared sensor, are not described here.
The audio circuit 160, a speaker 161 and a microphone 162 can provide an audio interface between the user and the terminal 700. The audio circuit 160 can convert received audio data into an electrical signal and transmit it to the speaker 161, which converts it into a sound signal for output; conversely, the microphone 162 converts a collected sound signal into an electrical signal, which the audio circuit 160 receives and converts into audio data; after the audio data is output to the processor 180 and processed, it is sent through the RF circuit 110 to, for example, another terminal, or output to the memory 120 for further processing. The audio circuit 160 may also include an earphone jack to provide communication between a peripheral earphone and the terminal 700.
WiFi is a short-range wireless transmission technology. Through the WiFi module 170, the terminal 700 can help the user send and receive e-mail, browse web pages, access streaming media and so on; it provides the user with wireless broadband Internet access.
The processor 180 is the control center of the terminal 700. It connects the parts of the whole mobile phone through various interfaces and lines, and, by running or executing the software programs and/or modules stored in the memory 120 and calling the data stored in the memory 120, performs the various functions of the terminal 700 and processes data, thereby monitoring the mobile phone as a whole. Optionally, the processor 180 may include one or more processing cores; preferably, the processor 180 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 180.
The terminal 700 also includes a power supply 190 (such as a battery) that powers all the components. Preferably, the power supply may be logically connected to the processor 180 through a power management system, so that charging, discharging and power-consumption management are handled through the power management system. The power supply 190 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the terminal 700 may also include a camera, a Bluetooth module and the like, which are not described here. Specifically, in this embodiment, the display unit of the terminal is a touch-screen display, and the terminal also includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following operations:
After a numerical value transfer operation on a specified page is detected, generating a message digest for describing the numerical value transfer operation;
Verifying the acquired specified fingerprint information against the stored fingerprint information;
After the specified fingerprint information passes verification, processing the message digest according to a digital certificate to obtain a signature data packet, the digital certificate including at least a private key for encrypting the message digest;
Sending the signature data packet and a numerical value transfer request to a destination server, so that the destination server processes the numerical value transfer request according to the digital certificate and the signature data packet;
Wherein the numerical value transfer request includes at least a user ID and object information.
Assuming the above is the first possible embodiment, in a second possible embodiment provided on the basis of the first possible embodiment, the memory of the terminal also contains instructions for performing the following operations:
Obtaining fingerprint information through a fingerprint collection sensor;
Storing the fingerprint information in a designated secure area;
The verifying of the acquired specified fingerprint information against the stored fingerprint information includes:
Comparing the specified fingerprint information with the stored fingerprint information through a specific secure operating system;
When the specified fingerprint information matches the stored fingerprint information, the specified fingerprint information passes verification.
In a third possible embodiment provided on the basis of the first possible embodiment, the memory of the terminal also contains instructions for performing the following operations:
Obtaining the digital certificate stored in the designated secure area;
Encrypting the message digest with the private key in the digital certificate, through the specific secure operating system, to obtain an encrypted data packet;
Signing the encrypted data packet through the specific secure operating system to obtain the signature data packet.
In a fourth possible embodiment provided on the basis of the first possible embodiment, the memory of the terminal also contains instructions for performing the following operations:
When a fingerprint activation trigger operation is detected, obtaining the user ID of the user;
Uploading the user ID to the destination server, so that the destination server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
In a fifth possible embodiment provided on the basis of the fourth possible embodiment, the memory of the terminal also contains instructions for performing the following operations:
Displaying a fingerprint verification interface through the specific secure operating system;
Obtaining the specified fingerprint information of the user on the fingerprint verification interface;
Comparing the specified fingerprint information with the stored fingerprint information;
When the specified fingerprint information matches the stored fingerprint information, installing the digital certificate through the specific secure operating system.
In a sixth possible embodiment provided on the basis of the first possible embodiment, the memory of the terminal also contains instructions for performing the following operations:
Obtaining multiple items of description information for describing the numerical value transfer operation;
Selecting at least one item of key description information from the multiple items of description information;
Obtaining key fields from the at least one item of key description information, and using the key fields as the message digest that describes the numerical value transfer operation.
With the terminal provided by this embodiment of the present invention, after a numerical value transfer operation on a specified page is detected, a message digest for describing the numerical value transfer operation is generated; the acquired specified fingerprint information is then verified against the stored fingerprint information; after the specified fingerprint information passes verification, the message digest is processed according to the digital certificate to obtain a signature data packet, and the signature data packet and the numerical value transfer request are sent to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. Because the numerical value transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the destination server intact. This avoids the risk that the destination server still processes a numerical value transfer request when the data has been maliciously tampered with by others or when someone else impersonates the user to initiate the request, so this way of transferring numerical values is more secure.
Fig. 8 shows a server provided by an embodiment of the present invention; this server may be used to perform the numerical value transfer method performed by the destination server in the above embodiments. Referring to Fig. 8, the server 1900 may vary considerably depending on configuration or performance, and may include one or more central processing units (CPU) 1922 (for example, one or more processors), memory 1932, and one or more storage media 1930 (for example, one or more mass storage devices) storing application programs 1942 or data 1944. The memory 1932 and the storage medium 1930 may provide transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not marked in the figure), and each module may include a series of instruction operations on the server. Further, the central processing unit 1922 may be configured to communicate with the storage medium 1930 and to execute, on the server 1900, the series of instruction operations in the storage medium 1930.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input/output interfaces 1958, and/or one or more operating systems 1941, such as Windows Server™, Mac OS X™, Unix™, Linux™ and FreeBSD™.
Specifically, in this embodiment, the one or more programs configured to be executed by one or more processors contain instructions for performing the following operations:
Receiving a signature data packet and a numerical value transfer request sent by a terminal, where the signature data packet is a first message digest that has been encrypted and signed, the first message digest is used to describe a numerical value transfer operation, and the numerical value transfer request includes at least a user ID and object information;
Obtaining the digital certificate corresponding to the signature data packet, the digital certificate including at least a public key for decrypting the signature data packet;
Verifying, according to the digital certificate and the signature data packet, whether the numerical value transfer request has passed fingerprint verification;
After the numerical value transfer request passes fingerprint verification, processing the numerical value transfer request.
Assuming the above is the first possible embodiment, in a second possible embodiment provided on the basis of the first possible embodiment, the memory of the server also contains instructions for performing the following operations:
Decrypting the signature data packet with the public key in the digital certificate to obtain the first message digest;
Generating a second message digest according to the numerical value transfer request;
Comparing the first message digest with the second message digest;
If the first message digest matches the second message digest, the numerical value transfer request passes fingerprint verification.
In a third possible embodiment provided on the basis of the first possible embodiment, the memory of the server also contains instructions for performing the following operations:
Obtaining the numerical value transfer PIN input by the user;
Judging whether the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN;
When the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN, deducting the corresponding value from the account corresponding to the user ID according to the object information.
With the server provided by this embodiment of the present invention, after the terminal detects a numerical value transfer operation on a specified page, it generates a message digest for describing the numerical value transfer operation; it then verifies the acquired specified fingerprint information against the stored fingerprint information; after the specified fingerprint information passes verification, it processes the message digest according to the digital certificate to obtain a signature data packet, and sends the signature data packet and the numerical value transfer request to the destination server, which processes the numerical value transfer request according to the digital certificate and the signature data packet. Because the numerical value transfer combines a digital certificate with fingerprint verification, the local fingerprint verification result is guaranteed to reach the destination server intact. This avoids the risk that the destination server still processes a numerical value transfer request when the data has been maliciously tampered with by others or when someone else impersonates the user to initiate the request, so this way of transferring numerical values is more secure.
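The terminal-side signing and the server-side digest check described in the embodiments above, as an added Go example that is not code from the patent. The `Amount` field, all type and function names, and the byte-string stand-in for fingerprint matching are assumptions; where the patent speaks of encrypting the digest with the private key and decrypting it with the public key, this example substitutes Ed25519 sign/verify over a SHA-256 digest of length-prefixed key fields.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// TransferRequest holds the fields sent to the server. The page requires a
// user ID and object information; Amount is an assumed extra key field.
type TransferRequest struct {
	UserID string
	Object string
	Amount uint64
}

// ErrFingerprint is returned when the presented fingerprint does not match.
var ErrFingerprint = errors.New("fingerprint verification failed")

// Digest hashes the key fields of a request. Each string is length-prefixed
// so bytes cannot be shifted between fields without changing the digest.
func Digest(r TransferRequest) [32]byte {
	var buf bytes.Buffer
	for _, field := range []string{r.UserID, r.Object} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf.Write(n[:])
		buf.WriteString(field)
	}
	var amt [8]byte
	binary.BigEndian.PutUint64(amt[:], r.Amount)
	buf.Write(amt[:])
	return sha256.Sum256(buf.Bytes())
}

// Terminal models the designated secure area: the enrolled fingerprint
// template and the private key never leave this struct.
type Terminal struct {
	enrolled []byte // stand-in: real templates are matched fuzzily, not byte-for-byte
	priv     ed25519.PrivateKey
}

// NewTerminal enrolls a template and creates a key pair. The returned public
// key plays the role of the certificate the server holds for this user.
func NewTerminal(enrolled []byte) (*Terminal, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Terminal{enrolled: append([]byte(nil), enrolled...), priv: priv}, pub, nil
}

// Sign releases a signature over the first digest only after the presented
// fingerprint matches the enrolled one.
func (t *Terminal) Sign(r TransferRequest, presented []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(t.enrolled, presented) != 1 {
		return nil, ErrFingerprint
	}
	d := Digest(r)
	return ed25519.Sign(t.priv, d[:]), nil
}

// ServerAccepts recomputes the second digest from the request as received and
// checks the signature against it. With a signature scheme this one call
// replaces the patent's "decrypt, then compare digests" pair of steps.
func ServerAccepts(pub ed25519.PublicKey, r TransferRequest, sig []byte) bool {
	d := Digest(r)
	return ed25519.Verify(pub, d[:], sig)
}

func main() {
	// All values below are constructed sample data.
	term, pub, err := NewTerminal([]byte("constructed-template"))
	if err != nil {
		panic(err)
	}
	req := TransferRequest{UserID: "user-1001", Object: "order-42", Amount: 500}
	sig, _ := term.Sign(req, []byte("constructed-template"))
	fmt.Println("original request accepted:", ServerAccepts(pub, req, sig))

	altered := req
	altered.Amount = 50000 // request changed after signing
	fmt.Println("altered request accepted: ", ServerAccepts(pub, altered, sig))

	_, err = term.Sign(req, []byte("someone-else"))
	fmt.Println("signing without a match:  ", err)
}
```

The server never sees the fingerprint; a valid signature is its only evidence that the terminal's local check succeeded, which is why the private key has to stay inside the secure area.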
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented in hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is only a description of preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (16)

1. A numerical value transfer method, applied to a terminal, characterized in that the method comprises:
After a numerical value transfer operation on a specified page is detected, generating a first message digest for describing the numerical value transfer operation;
Verifying the acquired specified fingerprint information against stored fingerprint information;
After the specified fingerprint information passes verification, processing the first message digest according to a digital certificate to obtain a signature data packet, the digital certificate including at least a private key for encrypting the first message digest;
Sending the signature data packet and a numerical value transfer request to a destination server, so that the destination server decrypts the signature data packet according to the public key in the digital certificate to obtain the first message digest; generates a second message digest according to the numerical value transfer request; compares the first message digest with the second message digest; and, if the first message digest matches the second message digest, determines that the numerical value transfer request has passed fingerprint verification and processes the numerical value transfer request;
Wherein the numerical value transfer request includes at least a user ID and object information, and the stored fingerprint information is stored in a designated secure area.
2. The method according to claim 1, characterized in that, before the verifying of the acquired specified fingerprint information against the stored fingerprint information, the method further comprises:
Obtaining fingerprint information through a fingerprint collection sensor;
Storing the fingerprint information in the designated secure area;
The verifying of the acquired specified fingerprint information against the stored fingerprint information comprises:
Comparing the specified fingerprint information with the stored fingerprint information through a specific secure operating system;
When the specified fingerprint information matches the stored fingerprint information, the specified fingerprint information passes verification.
3. The method according to claim 1, characterized in that the processing of the first message digest according to the digital certificate to obtain the signature data packet comprises:
Obtaining the digital certificate stored in the designated secure area;
Encrypting the first message digest with the private key in the digital certificate, through a specific secure operating system, to obtain an encrypted data packet;
Signing the encrypted data packet through the specific secure operating system to obtain the signature data packet.
4. The method according to claim 1, characterized in that, before the generating of the first message digest for describing the numerical value transfer operation, the method further comprises:
When a fingerprint activation trigger operation is detected, obtaining the user ID of the user;
Uploading the user ID to the destination server, so that the destination server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
5. The method according to claim 4, characterized in that, after the digital certificate is returned to the terminal, the method further comprises:
Displaying a fingerprint verification interface through a specific secure operating system;
Obtaining the specified fingerprint information of the user on the fingerprint verification interface;
Comparing the specified fingerprint information with the stored fingerprint information;
When the specified fingerprint information matches the stored fingerprint information, installing the digital certificate through the specific secure operating system.
6. The method according to claim 1, characterized in that the generating of the first message digest for describing the numerical value transfer operation comprises:
Obtaining multiple items of description information for describing the numerical value transfer operation;
Selecting at least one item of key description information from the multiple items of description information;
Obtaining key fields from the at least one item of key description information, and using the key fields as the first message digest that describes the numerical value transfer operation.
7. A numerical value transfer method, applied to a destination server, characterized in that the method comprises:
Receiving a signature data packet and a numerical value transfer request sent by a terminal, where the signature data packet is a first message digest that has been encrypted and signed, the first message digest is used to describe a numerical value transfer operation, and the numerical value transfer request includes at least a user ID and object information;
Obtaining the digital certificate corresponding to the signature data packet, the digital certificate including at least a public key for decrypting the signature data packet;
Decrypting the signature data packet with the public key in the digital certificate to obtain the first message digest;
Generating a second message digest according to the numerical value transfer request;
Comparing the first message digest with the second message digest;
If the first message digest matches the second message digest, the numerical value transfer request passes fingerprint verification;
After the numerical value transfer request passes fingerprint verification, processing the numerical value transfer request.
8. The method according to claim 7, characterized in that the processing of the numerical value transfer request comprises:
Obtaining the numerical value transfer PIN input by the user;
Judging whether the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN;
When the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN, deducting the corresponding value from the account corresponding to the user ID according to the object information.
9. A numerical value transfer device, applied to a terminal, characterized in that the device comprises:
A message digest generation module, configured to generate, after a numerical value transfer operation on a specified page is detected, a first message digest for describing the numerical value transfer operation;
A fingerprint information verification module, configured to verify the acquired specified fingerprint information against stored fingerprint information;
A message digest processing module, configured to process, after the specified fingerprint information passes verification, the first message digest according to a digital certificate to obtain a signature data packet, the digital certificate including at least a private key for encrypting the first message digest;
A data sending module, configured to send the signature data packet and a numerical value transfer request to a destination server, so that the destination server decrypts the signature data packet according to the public key in the digital certificate to obtain the first message digest; generates a second message digest according to the numerical value transfer request; compares the first message digest with the second message digest; and, if the first message digest matches the second message digest, determines that the numerical value transfer request has passed fingerprint verification and processes the numerical value transfer request;
Wherein the numerical value transfer request includes at least a user ID and object information, and the stored fingerprint information is stored in a designated secure area.
10. The device according to claim 9, characterized in that the device further comprises:
A fingerprint information acquisition module, configured to obtain fingerprint information through a fingerprint collection sensor;
A fingerprint information storage module, configured to store the fingerprint information in the designated secure area;
The fingerprint information verification module is configured to compare, through a specific secure operating system, the specified fingerprint information with the stored fingerprint information; when the specified fingerprint information matches the stored fingerprint information, the specified fingerprint information passes verification.
11. The device according to claim 9, characterized in that the message digest processing module is configured to obtain the digital certificate stored in the designated secure area; encrypt the first message digest with the private key in the digital certificate, through a specific secure operating system, to obtain an encrypted data packet; and sign the encrypted data packet through the specific secure operating system to obtain the signature data packet.
12. The device according to claim 9, characterized in that the device further comprises:
A user ID acquisition module, configured to obtain the user ID of the user when a fingerprint activation trigger operation is detected;
A user ID upload module, configured to upload the user ID to the destination server, so that the destination server allocates a digital certificate to the user according to the user ID and returns the digital certificate to the terminal.
13. The device according to claim 12, characterized in that the device further comprises:
A fingerprint verification interface display module, configured to display a fingerprint verification interface through a specific secure operating system;
A specified information acquisition module, configured to obtain the specified fingerprint information of the user on the fingerprint verification interface;
The fingerprint information verification module, configured to compare the specified fingerprint information with the stored fingerprint information;
A digital certificate installation module, configured to install the digital certificate through the specific secure operating system when the specified fingerprint information matches the stored fingerprint information.
14. The device according to claim 9, characterized in that the message digest generation module is configured to obtain multiple items of description information for describing the numerical value transfer operation; select at least one item of key description information from the multiple items of description information; and obtain key fields from the at least one item of key description information, using the key fields as the first message digest that describes the numerical value transfer operation.
15. A numerical value transfer device, applied to a destination server, characterized in that the device comprises:
A data receiving module, configured to receive a signature data packet and a numerical value transfer request sent by a terminal, where the signature data packet is a first message digest that has been encrypted and signed, the first message digest is used to describe a numerical value transfer operation, and the numerical value transfer request includes at least a user ID and object information;
A digital certificate acquisition module, configured to obtain the digital certificate corresponding to the signature data packet, the digital certificate including at least a public key for decrypting the signature data packet;
A fingerprint verification module, configured to verify, according to the digital certificate and the signature data packet, whether the numerical value transfer request has passed fingerprint verification;
A numerical value transfer request processing module, configured to process the numerical value transfer request after the numerical value transfer request passes fingerprint verification;
Wherein the fingerprint verification module is configured to decrypt the signature data packet with the public key in the digital certificate to obtain the first message digest; generate a second message digest according to the numerical value transfer request; and compare the first message digest with the second message digest; if the first message digest matches the second message digest, the numerical value transfer request passes fingerprint verification.
16. The device according to claim 15, characterized in that the numerical value transfer request processing module is configured to obtain the numerical value transfer PIN input by the user; judge whether the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN; and, when the input numerical value transfer PIN matches the stored or issued numerical value transfer PIN, deduct the corresponding value from the account corresponding to the user ID according to the object information.
CN201410849869.3A 2014-12-31 2014-12-31 Numeric value transfer and device Active CN104899488B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410849869.3A CN104899488B (en) 2014-12-31 2014-12-31 Numeric value transfer and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410849869.3A CN104899488B (en) 2014-12-31 2014-12-31 Numeric value transfer and device

Publications (2)

Publication Number Publication Date
CN104899488A CN104899488A (en) 2015-09-09
CN104899488B true CN104899488B (en) 2016-12-28

Family

ID=54032150

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410849869.3A Active CN104899488B (en) 2014-12-31 2014-12-31 Numeric value transfer and device

Country Status (1)

Country Link
CN (1) CN104899488B (en)

Also Published As

Publication number Publication date
CN104899488A (en) 2015-09-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant